From 63002bf52b6b6e7128ca1ae96b80ef89bba870c1 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Wed, 7 Feb 2024 11:19:11 +0800
Subject: [PATCH] Fix CVE-2024-24680

---
 CVE-2024-24680.patch | 205 +++++++++++++++++++++++++++++++++++++++++++
 python-django.spec | 7 +-
 2 files changed, 211 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-24680.patch

diff --git a/CVE-2024-24680.patch b/CVE-2024-24680.patch
new file mode 100644
index 0000000..62fccfb
--- /dev/null
+++ b/CVE-2024-24680.patch
@@ -0,0 +1,205 @@ +From c1171ffbd570db90ca206c30f8e2b9f691243820 Mon Sep 17 00:00:00 2001 +From: Adam Johnson +Date: Mon, 22 Jan 2024 13:21:13 +0000 +Subject: [PATCH] [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS +in + intcomma template filter. + +Thanks Seokchan Yoon for the report. + +Co-authored-by: Mariusz Felisiak +Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> +Co-authored-by: Shai Berger +--- + .../contrib/humanize/templatetags/humanize.py | 13 +- + tests/humanize_tests/tests.py | 140 ++++++++++++++++-- + 2 files changed, 135 insertions(+), 18 deletions(-) + +diff --git a/django/contrib/humanize/templatetags/humanize.py b/django/contrib/humanize/templatetags/humanize.py +index 194c7e8..98ba276 100644 +--- a/django/contrib/humanize/templatetags/humanize.py ++++ b/django/contrib/humanize/templatetags/humanize.py +@@ -71,12 +71,13 @@ def intcomma(value, use_l10n=True): + return intcomma(value, False) + else: + return number_format(value, force_grouping=True) +- orig = str(value) +- new = re.sub(r"^(-?\d+)(\d{3})", r'\g<1>,\g<2>', orig) +- if orig == new: +- return new +- else: +- return intcomma(new, use_l10n) ++ result = str(value) ++ match = re.match(r"-?\d+", result) ++ if match: ++ prefix = match[0] ++ prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1] ++ result = prefix_with_commas + result[len(prefix) :] ++ return result + + + # A tuple of standard large number to their converters +diff --git a/tests/humanize_tests/tests.py b/tests/humanize_tests/tests.py +index 16e8fa6..e047330 100644 +--- a/tests/humanize_tests/tests.py ++++ b/tests/humanize_tests/tests.py +@@ -62,28 +62,144 @@ class HumanizeTests(SimpleTestCase): + + def test_intcomma(self): + test_list = ( +- 100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000', +- '10123', '10311', '1000000', '1234567.1234567', +- Decimal('1234567.1234567'), None, ++ 100, ++ -100, ++ 1000, ++ -1000, ++ 10123, ++ -10123, ++ 10311, ++ -10311, ++ 1000000, ++ 
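Review bot: The new grouping in the `+` lines of the humanize.py hunk emits a leading comma whenever the matched digit run is a multiple of three: `"100"` reverses to `"001"`, the `\d{3}` substitution yields `"001,"`, and reversing back gives `",100"`; likewise `"100000"` becomes `",100,000"` and `"-100"` becomes `"-,100"`. The removed `^(-?\d+)(\d{3})` pattern only split when at least four digits were present, so this is a behaviour change for short inputs that reach this branch, and the test list added in the same patch expects `"100"`/`"-100"` for those values (whether they reach this branch or number_format depends on the use_l10n guard above the hunk, since intcomma's signature and that guard start outside it). A fixed-width lookahead keeps the mitigation a single linear pass and drops the stray comma: `prefix_with_commas = re.sub(r"\d{3}(?=\d)", r"\g<0>,", prefix[::-1])[::-1]`. Separately, `match[0]` relies on re.Match subscripting, which exists only on Python 3.6+; `match.group(0)` is the portable spelling if this 2.2.x package still has to build on older interpreters.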
-1000000, ++ 1234567.25, ++ -1234567.25, ++ "100", ++ "-100", ++ "1000", ++ "-1000", ++ "10123", ++ "-10123", ++ "10311", ++ "-10311", ++ "1000000", ++ "-1000000", ++ "1234567.1234567", ++ "-1234567.1234567", ++ Decimal("1234567.1234567"), ++ Decimal("-1234567.1234567"), ++ None, ++ "1234567", ++ "-1234567", ++ "1234567.12", ++ "-1234567.12", ++ "the quick brown fox jumped over the lazy dog", + ) + result_list = ( +- '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25', +- '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567', +- '1,234,567.1234567', None, ++ "100", ++ "-100", ++ "1,000", ++ "-1,000", ++ "10,123", ++ "-10,123", ++ "10,311", ++ "-10,311", ++ "1,000,000", ++ "-1,000,000", ++ "1,234,567.25", ++ "-1,234,567.25", ++ "100", ++ "-100", ++ "1,000", ++ "-1,000", ++ "10,123", ++ "-10,123", ++ "10,311", ++ "-10,311", ++ "1,000,000", ++ "-1,000,000", ++ "1,234,567.1234567", ++ "-1,234,567.1234567", ++ "1,234,567.1234567", ++ "-1,234,567.1234567", ++ None, ++ "1,234,567", ++ "-1,234,567", ++ "1,234,567.12", ++ "-1,234,567.12", ++ "the quick brown fox jumped over the lazy dog", + ) + with translation.override('en'): + self.humanize_tester(test_list, result_list, 'intcomma') + + def test_l10n_intcomma(self): + test_list = ( +- 100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000', +- '10123', '10311', '1000000', '1234567.1234567', +- Decimal('1234567.1234567'), None, ++ 100, ++ -100, ++ 1000, ++ -1000, ++ 10123, ++ -10123, ++ 10311, ++ -10311, ++ 1000000, ++ -1000000, ++ 1234567.25, ++ -1234567.25, ++ "100", ++ "-100", ++ "1000", ++ "-1000", ++ "10123", ++ "-10123", ++ "10311", ++ "-10311", ++ "1000000", ++ "-1000000", ++ "1234567.1234567", ++ "-1234567.1234567", ++ Decimal("1234567.1234567"), ++ -Decimal("1234567.1234567"), ++ None, ++ "1234567", ++ "-1234567", ++ "1234567.12", ++ "-1234567.12", ++ "the quick brown fox jumped over the lazy dog", + ) + result_list = ( +- '100', '1,000', '10,123', '10,311', '1,000,000', 
'1,234,567.25', +- '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567', +- '1,234,567.1234567', None, ++ "100", ++ "-100", ++ "1,000", ++ "-1,000", ++ "10,123", ++ "-10,123", ++ "10,311", ++ "-10,311", ++ "1,000,000", ++ "-1,000,000", ++ "1,234,567.25", ++ "-1,234,567.25", ++ "100", ++ "-100", ++ "1,000", ++ "-1,000", ++ "10,123", ++ "-10,123", ++ "10,311", ++ "-10,311", ++ "1,000,000", ++ "-1,000,000", ++ "1,234,567.1234567", ++ "-1,234,567.1234567", ++ "1,234,567.1234567", ++ "-1,234,567.1234567", ++ None, ++ "1,234,567", ++ "-1,234,567", ++ "1,234,567.12", ++ "-1,234,567.12", ++ "the quick brown fox jumped over the lazy dog", + ) + with self.settings(USE_L10N=True, USE_THOUSAND_SEPARATOR=False): + with translation.override('en'): +-- +2.33.0 + diff --git a/python-django.spec b/python-django.spec index d5e0241..8a582b2 100644 --- a/python-django.spec +++ b/python-django.spec @@ -1,7 +1,7 @@ %global _empty_manifest_terminate_build 0 Name: python-django Version: 2.2.27 -Release: 9 +Release: 10 Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design. License: Apache-2.0 and Python-2.0 and OFL-1.1 and MIT URL: https://www.djangoproject.com/ @@ -21,6 +21,8 @@ Patch6: CVE-2023-41164.patch Patch7: CVE-2023-43665.patch # https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b Patch8: CVE-2023-46695.patch +# https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820 +Patch9: CVE-2024-24680.patch BuildArch: noarch %description @@ -87,6 +89,9 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Wed Feb 07 2024 yaoxin - 2.2.27-10 +- Fix CVE-2024-24680 + * Mon Nov 06 2023 yaoxin - 2.2.27-9 - Fix CVE-2023-46695 -- Gitee
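Review bot: The `+Patch9: CVE-2024-24680.patch` line declares the backport, but the %prep section that applies patches is outside this diff; if the spec uses explicit `%patchN` lines rather than `%autosetup`, a matching `%patch9 -p1` is required or the CVE fix is declared but never applied to the built package. The embedded patch is the upstream 3.2.x commit applied to Django 2.2.27, so the build log should be checked for the hunk in django/contrib/humanize/templatetags/humanize.py applying cleanly (no fuzz or reject), since the 2.2 context lines must match exactly.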